2025-10-31 17:52:10 +01:00
16 changed files with 1 additions and 339 deletions
--- a/flake.lock
+++ b/flake.lock
@ -90,26 +90,6 @@
        "type": "github"
      }
    },
-    "framework-plymouth": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1744254441,
-        "narHash": "sha256-zpbqouGFxu0fdECX54jHPyjYEX+04kZRWZFZ4IKL58c=",
-        "owner": "j-pap",
-        "repo": "framework-plymouth",
-        "rev": "6aa8efd36bd79660ced9b8a82495afdb0c8c1166",
-        "type": "github"
-      },
-      "original": {
-        "owner": "j-pap",
-        "repo": "framework-plymouth",
-        "type": "github"
-      }
-    },
    "git-hooks": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -334,7 +314,6 @@
      "inputs": {
        "disko": "disko",
        "flake-parts": "flake-parts",
-        "framework-plymouth": "framework-plymouth",
        "git-hooks": "git-hooks",
        "nixinate": "nixinate",
        "nixos-generators": "nixos-generators",
--- a/flake.nix
+++ b/flake.nix
@ -34,11 +34,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    framework-plymouth = {
-      url = "github:j-pap/framework-plymouth";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
    # own flakes
    stunkymonkey = {
      url = "github:Stunkymonkey/stunkymonkey.de";
@ -81,9 +76,7 @@
        }:
        {
          # make pkgs available to all `perSystem` functions
-          _module.args.pkgs = import inputs.nixpkgs {
-            inherit system;
-          };
+          _module.args.pkgs = import inputs.nixpkgs { inherit system; };

          # enable pre-commit checks
          pre-commit.settings = {
--- a/machines/.sops.yaml
+++ b/machines/.sops.yaml
@ -2,16 +2,10 @@

 keys:
  - &admin_felix age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m
-  - &workman age1f2e644jteyeppfaatajtvjmsupl0e7nzx97ded6m0cgzw04l84ks5xl9l2
  - &thinkman age1spt854cdscqs757a8kazth52rv4p9udh54suw9lpzlqg5savyapq2u0c03
  - &serverle age14nt7qcsrye0vrpk0xcgcfmhkxwwumna39fpn83g3x0zml62skatqpnmhk4
  - &newton age1s9spl75rwhgm3cvvqsr9rze5m0kuxqes2tsxjmq07xg5ycn5j47s2m0dlu
 creation_rules:
-  - path_regex: workman/secrets.yaml$
-    key_groups:
-      - age:
-          - *admin_felix
-          - *workman
  - path_regex: thinkman/secrets.yaml$
    key_groups:
      - age:
--- a/machines/configurations.nix
+++ b/machines/configurations.nix
@ -58,13 +58,6 @@ in
        ./thinkman/configuration.nix
      ];
    };
-    workman = nixosSystem {
-      system = "x86_64-linux";
-      modules = defaultModules ++ [
-        nixos-hardware.nixosModules.framework-amd-ai-300-series
-        ./workman/configuration.nix
-      ];
-    };
    newton = nixosSystem {
      system = "x86_64-linux";
      modules = defaultModules ++ [ ./newton/configuration.nix ];
--- a/machines/core/users.nix
+++ b/machines/core/users.nix
@ -17,7 +17,6 @@
      "libvirtd" # kvm control
      "networkmanager" # wireless configuration
      "podman" # usage of `podman` socket
-      "seat" # access to input devices
      "video" # screen control
      "wheel" # `sudo` for the user.
    ];
--- a/machines/workman/boot.nix
+++ b/machines/workman/boot.nix
@ -1,24 +0,0 @@
-{
-  config,
-  inputs,
-  ...
-}:
-{
-  boot = {
-    loader = {
-      timeout = 1;
-      systemd-boot = {
-        enable = true;
-        configurationLimit = 10;
-        consoleMode = "keep";
-        editor = true;
-      };
-      efi.canTouchEfiVariables = true;
-    };
-    plymouth = {
-      enable = true;
-      theme = "framework";
-      themePackages = [ inputs.framework-plymouth.packages.${config.nixpkgs.system}.default ];
-    };
-  };
-}
--- a/machines/workman/configuration.nix
+++ b/machines/workman/configuration.nix
@ -1,29 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./boot.nix
-    ./disko-config.nix
-    ./hardware-configuration.nix
-    ./network.nix
-    ./profiles.nix
-    ./remote-build.nix
-    ./services.nix
-    ./system.nix
-  ];
-
-  networking.hostName = "workman";
-
-  sops = {
-    defaultSopsFile = ./secrets.yaml;
-    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-    gnupg.sshKeyPaths = [ ];
-  };
-
-  # needed for cross-compilation
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  system = {
-    stateVersion = "24.11";
-    autoUpgrade.enable = true;
-  };
-}
--- a/machines/workman/disko-config.nix
+++ b/machines/workman/disko-config.nix
@ -1,72 +0,0 @@
-{
-  disko.devices = {
-    disk = {
-      vdb = {
-        type = "disk";
-        device = "/dev/disk/by-id/nvme-eui.e8238fa6bf530001001b444a456de595";
-        content = {
-          type = "gpt";
-          partitions = {
-            boot = {
-              size = "1M";
-              type = "EF02"; # for grub MBR
-            };
-            ESP = {
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "defaults" ];
-              };
-            };
-            luks = {
-              size = "100%";
-              content = {
-                type = "luks";
-                name = "encrypted";
-                settings.allowDiscards = true;
-                passwordFile = "/tmp/disk.key";
-                content = {
-                  type = "lvm_pv";
-                  vg = "pool";
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-    lvm_vg = {
-      pool = {
-        type = "lvm_vg";
-        lvs = {
-          root = {
-            size = "100G";
-            content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/";
-            };
-          };
-          home = {
-            size = "500G";
-            content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/home";
-            };
-          };
-          swap = {
-            size = "64G";
-            content = {
-              type = "swap";
-              resumeDevice = true;
-            };
-          };
-        };
-      };
-    };
-  };
-}
--- a/machines/workman/hardware-configuration.nix
+++ b/machines/workman/hardware-configuration.nix
@ -1,30 +0,0 @@
-{
-  pkgs,
-  ...
-}:
-let
-  cpuFlavor = "amd";
-in
-{
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  my.hardware = {
-    bluetooth.enable = true;
-    debug.enable = true;
-    drive-monitor.enable = true;
-    firmware = {
-      enable = true;
-      inherit cpuFlavor;
-    };
-    graphics = {
-      enable = true;
-      inherit cpuFlavor;
-    };
-    id-card.enable = true;
-    keychron.enable = true;
-    monitor.enable = true;
-    sound.enable = true;
-    thunderbolt.enable = true;
-    yubikey.enable = true;
-  };
-}
--- a/machines/workman/network.nix
+++ b/machines/workman/network.nix
@ -1,20 +0,0 @@
-# network settings
-_: {
-  # hotfixes for dns settings
-  networking.extraHosts =
-    let
-      serverle_ip = "192.168.178.60";
-    in
-    ''
-      ${serverle_ip} stunkymonkey.de
-      ${serverle_ip} automation.stunkymonkey.de
-      ${serverle_ip} download.stunkymonkey.de
-      ${serverle_ip} esphome.stunkymonkey.de
-      ${serverle_ip} indexer.stunkymonkey.de
-      ${serverle_ip} media.stunkymonkey.de
-      ${serverle_ip} movies.stunkymonkey.de
-      ${serverle_ip} series.stunkymonkey.de
-      ${serverle_ip} subtitles.stunkymonkey.de
-      ${serverle_ip} view.stunkymonkey.de
-    '';
-}
--- a/machines/workman/profiles.nix
+++ b/machines/workman/profiles.nix
@ -1,24 +0,0 @@
-# enabled profiles
-_: {
-  my.profiles = {
-    "3d-design".enable = true;
-    android.enable = true;
-    clean.enable = true;
-    desktop-apps.enable = true;
-    desktop-dev.enable = true;
-    development.enable = true;
-    filesystem.enable = true;
-    gaming.enable = true;
-    latex.enable = true;
-    media.enable = true;
-    meeting.enable = true;
-    nautilus.enable = true;
-    powersave.enable = true;
-    printing.enable = true;
-    sway.enable = true;
-    sync.enable = true;
-    update.enable = true;
-    usb-iso.enable = true;
-    webcam.enable = true;
-  };
-}
--- a/machines/workman/remote-build.nix
+++ b/machines/workman/remote-build.nix
@ -1,24 +0,0 @@
-# enabled remote-build service
-{ config, ... }:
-let
-  inherit (config.sops) secrets;
-in
-{
-  sops.secrets."nixremote/ssh_key" = { };
-  nix.buildMachines = [
-    {
-      hostName = "buehler.rocks";
-      system = "x86_64-linux";
-      supportedFeatures = [
-        "benchmark"
-        "kvm"
-        "big-parallel"
-      ];
-      sshUser = "nixremote";
-      sshKey = secrets."nixremote/ssh_key".path;
-      maxJobs = 4;
-    }
-  ];
-
-  nix.distributedBuilds = true;
-}
--- a/machines/workman/secrets.yaml
+++ b/machines/workman/secrets.yaml
@ -1,37 +0,0 @@
-users:
-    felix:
-        password: ENC[AES256_GCM,data:3r1f8iUSgT3mDflSkvl3cyfciBZI5rDa9jMZcfW/mniNt9PJTNaaNbBC/cIxgbwcD991Y/Y0NKB0vxOmKMCIcclvGRUwLdKwFQ==,iv:Chya0lUhNtYcOp3GyNl+I1VyNV3KvSOZxeWUgz3SBnA=,tag:OhdIXdwbQAV0eZZS/kpW1Q==,type:str]
-borgbackup:
-    password: ENC[AES256_GCM,data:BodZSJGi/pYZYIG5NYEeNrTVdYdzlgA2lZCNcIL+kT4=,iv:Vmbzq8MxyboeLmM3MyTGVr6+S/JrwbFDaP8PWh+s8aY=,tag:atj9ap7X6drdGMnnCbEZPg==,type:str]
-    ssh_key: ENC[AES256_GCM,data:LhGZ2VzOWwcjO0gd1ia7Nb6Roy9+kZwYW2ucjWqpeq6e1xl6JXFRkJJ/bLIA++yUVZarLSabhDn0DDHVfGyO5fOdSuuduu0lCl+ffxz3zX7RjibInwstwnvqJo2ZrBbI+9QPBxI4IRo4uEllljN5N4Fvq3Pq6tMLX2ZpkqIEWayDa28gxM3Ib/at9DGSiEsyhJm2b6HTMUi/lXX9vIxPPOgaqmuWgpp7Tzkd8Ph08zvnloWvlRZaYxl/n7+VxEohqZY88RfFSNT/N5TtgnFFTTRX+9B0vCRqyJq9XQ3cf0fG0NJzb0kcO25k45kAGU7QOJ8V7YPgPPwPPWU7IAluhFi9x78QLsuAioXnl79aZli11NE7Gyn2n4FkkhVX1W078tbvLiNURSfVro7crcf6WCX1PBvbuDFdKg8I2r58aZ5vglD5QD0gBbhL0js13z80DRCdNCtyNQZfgMXvAIEq3Lw3UvTUspInMJos7Kgs0hCK/SoP87SymYEkGORpZzoGg/zlHf0kExOj3Fni+LK24sArc/CIeCBBc/BJ,iv:jDAB5ExuplfUtJqgub4oV/wbytpnjK3MjJko/rsJ0fM=,tag:s2aODtXR9Qu29tKjZvfyKA==,type:str]
-nixremote:
-    ssh_key: ENC[AES256_GCM,data:vO3U1dW3VhHSNDDFlt6Slqf2+sf0xeZ/3ztyqGIkUKwU87flHP0cVVyPF71UCSowhFu7SSK/DEkzTdNjoCnx21HDQ5zc+JZFJjKIE7HotcJwWR6/a9hFZniY4FVLAnW+locWjbcOB+Mou/VHm1uo+a8wmNOJTw7FS3ZM6FfANLDZcjxcjJKu23UcUyXDxuMySkRKmLneyfwlk5aP1toyjBwnS9og1UPjSTy6ldM6gsfUv1mZ+BbCWgtiwxcGEy859ROOMuqKxUKGDbgHnby/aqs7dP8xzoVoZQXjHYoWLp1/7IforoyXb8GiUkOWRlCC/dJm6Kx9Y67M13LwKEpX2+WOfNCHqTjYO4234zfOZ1DRJtwCAMKH7y0sjAYp9bK6iHv3qKIjreDSA8S6xbQP5LnXvp55460Puq+Xe2HdnugRfd3d6pKMrHmnRE8mmstG6jDxdGqtoGo2VBvDGAC080J6BXxP0/xpeXwc99TSDdHEymqodZoz3jQuGMb+brxSyDgaw6FEDPNkpxdUFl0/vShTfROqgT0NVbH3,iv:SXIDRjHBQBcstSz1Pgv5jI8+XHbJA/QrqF9EOkIcvqE=,tag:ZakbophvoJmWlVX88hMA7A==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1hf8m9upp00dr7qv2kmqdr50fpvd9ejzkfu8yknqnuda2aas2tvrs4l3u7m
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdGpCSWlVMUt1M1hZM2FM
-            WWVzVlA3bVRpOUlXU1hQMEhKUDlKMmtrRWhRCkNNZko1ZlowRWtTZzRwelBYTlY3
-            Q1o2NE9pSFNUckJDQzBTZUxkbkR4SncKLS0tIHBrQVo0OGpvQnJVblRta0JHLy9I
-            K2JaanpIRXVsR3VNejhWNmdEMjczUTQKfp7BI9UEl+r4iehbfoJk9x5KjXszsjVZ
-            qEKeyj7z8w+rjspNXtAhh1CN2EcHsT8DiygrIheltSMZYfWk1Ai8Zw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1f2e644jteyeppfaatajtvjmsupl0e7nzx97ded6m0cgzw04l84ks5xl9l2
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTkhPcmJKVDc0RWRaeHA0
-            U2F5WnVzMzcxSGZUakRCNlQzK0tyeEZ2bDEwCklRMUxVS3gyYlM3aWsxODV4MmVO
-            S0JuVFNvaHNJMzFUVDkvbmZYa2MweTQKLS0tIDJ1eHp2OGI1QjJJTjJzK2ZpNm5n
-            bEl0bWl3OHdOcDU2UEpIWjNUWjZpeEkK7J7WK/09l2gY9NixQL+I5B7wCWH2fJQ1
-            +Zau6I2CDVhine3twNsGN0OpUQF7aHX2dwFhKyxPthFj3YTE1oR0yA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-05T21:53:42Z"
-    mac: ENC[AES256_GCM,data:700AWjj0wgdSdyXPAKkdttqeThxtz5Ui7K53wRt0VY657fsRJiezqCp/1JVgLfFCKstfbIE1GbTtAetDJ2cRdthpsgMDCG6EQVap7Kt8YCnqDPcPl7ND5yKR6nOjzmd+p2drIp4SHIDSzM9IJvd1XNvpWsgakPs3YgQjFoRElnY=,iv:l/M8pShzBzd/XyHUXE9HWM1a/At9biYJTj2cZ4xbxkQ=,tag:FtELUjvGO6BImmV8D/FmfA==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.4
--- a/machines/workman/services.nix
+++ b/machines/workman/services.nix
@ -1,21 +0,0 @@
-# Deployed services
-{ config, ... }:
-let
-  inherit (config.sops) secrets;
-in
-{
-  sops.secrets."borgbackup/password" = { };
-  sops.secrets."borgbackup/ssh_key" = { };
-
-  # List services that you want to enable:
-  my.services = {
-    backup = {
-      enable = true;
-      OnFailureNotification = true;
-      passwordFile = secrets."borgbackup/password".path;
-      sshKeyFile = secrets."borgbackup/ssh_key".path;
-      paths = [ "/" ];
-    };
-    vpn.enable = true;
-  };
-}
--- a/machines/workman/system.nix
+++ b/machines/workman/system.nix
@ -1,13 +0,0 @@
-# enabled system services
-_: {
-  my.system = {
-    avahi.enable = true;
-    fonts.enable = true;
-    kvm = {
-      enable = true;
-      cpuFlavor = "amd";
-    };
-    podman.enable = true;
-    spell-check.enable = true;
-  };
-}
--- a/profiles/sway/default.nix
+++ b/profiles/sway/default.nix
@ -31,8 +31,6 @@ in
    environment.systemPackages = with pkgs; [ polkit_gnome ];
    environment.pathsToLink = [ "/libexec" ];

-    services.seatd.enable = true;
-
    programs = {
      foot.enable = true;
      light.enable = true;